SHAH ALAM - Cyber attacks initiated by 'identified parties' have the potential to disrupt information systems within both financial and non-financial companies operating in Malaysia, says the Global Centre for Cyber Safety.
On October 25, Bank Negara Malaysia (BNM) confirmed the authenticity of the Pro-Israel hacktivist list which has been making its round on social media. It issued a statement titled "Threat Alert: Pro-Israel Hacktivist Targeting Malaysian FI in Retaliation to DragonForce’s OpsBadai”. The warning was also shared on Malaysian social media platforms, including X, formerly called Twitter.
Global Centre for Cyber Safety director Prof Col(R) Dato’ Ts Dr Husin Jazri said to overcome this, the Financial Sector Cyber Threat Intelligence Platform (FinTIP) alert, a cyber intelligence analysis platform run by the Bank Negara Cybersecurity Team, was established.
"This alert is meant for financial companies and organisations under the supervision of BNM. It is not meant for the public per se.
"It would affect us as the cyber attacks initiated by the identified parties may potentially disrupt the running of information systems for financial services and non-financial services or companies in Malaysia.
"Focus should be given to companies that run critical information structures for Malaysia,” he told Sinar Daily when contacted.
Besides, Husin who is also a cybersecurity professor at Taylor’s University, said these cyber attacks aim at disrupting services and exploiting data protected by our information systems.
"Companies should be more worried if this attack occurs. The ordinary public is not the intended target for these types of threats.
"The ordinary public should be more concerned over scams that are looking for their potential victims,” he said.
Commenting further, he said financial organisations do have a formal process to work with Bank Negara and other relevant agencies to help cope with any eventuality of cyber attacks that cannot be handled alone by respective companies.
"Under the National Cybersecurity Agency (NACSA), run by the National Security Council (MKN), they do annual cyber exercises at the national level under a project called NC4 to help critical organisations become familiar with the formal response and support systems made available to them by the national agencies and regulatory bodies,” he said.
Dr Husin added that cybersecurity experts can collaborate through the invitation of Bank Negara and companies that can be potentially affected by these threats.
He said usually financial organisations are quite prepared for any eventuality as they have formal guidelines to follow, such as the Risk Management in Technology (RMiT) Guidelines issued by Bank Negara and audited annually by the BNM.
"Nevertheless, gaps and vulnerabilities do exist whenever the cybersecurity team is off guard or not responding fast enough to new known vulnerabilities,” he said.
He also advised that RMIT guidelines must be complied with as much as possible and adopt best practices such as ISO 27001 and the NIST Cybersecurity Framework.
"Formalised cybersecurity, cybersafety, and data protection risk management are under the responsibility of the Board and C-Level supervision.
"Cybersecurity is not only a technology issue but also good governance and processes, and most importantly, a strong focus on human factors in cybersecurity.
"Humans are always the weakest link in the cybersecurity ecosystem,” he stressed.
Meanwhile, he also commended the BNM team for openly announcing the FinTIP alert, highlighting its benefits not only to financial organisations but to all companies in Malaysia, making them more vigilant against potential threats.
He encouraged the team to continue their efforts, regardless of any criticism, as this initiative is financed by taxpayers and sets an example for regulators worldwide.
"Keep up this good effort, and do not be afraid of any criticism that comes,” he said.
Recently, BNM confirmed the authenticity of the pro-Israel hacktivist list, which has been making its rounds on social media.
In a statement, the central bank addressed the FinTIP alert that had circulated, noting that BNM and the financial industry regularly share information about potential threats in cyberspace.
"FinTIP constantly scans the cyber landscape and highlights emerging threats, including a potential escalation in hacking activities.
"The FinTIP alert allows financial institutions to take appropriate preventive measures to secure their systems and avoid any potential disruption to financial services,” the statement read.